WHAT IS CLAIMED IS:

1. A method of using the Host Identity Protocol (HIP) to at least partially secure
communications between a first host operating in a first network environment and a 
second, HIP-enabled, host operating in a second network environment, with a gateway 
node forming a gateway between the two environments, the method comprising: 

associating an identifier with the first host, storing the identifier at the gateway 
node, and sending the identifier to the first host; 

using the identifier as a source address in a subsequent session initiation 
message sent from the first host to the gateway node and having an indication that the 
destination of the message is the second host; and 

using the stored identifier at the gateway node to negotiate a secure HIP 
connection to the second host. 

2. A method as claimed in claim 1, wherein the identifier is generated at the 
gateway node. 

3. A method as claimed in claim 2, wherein the identifier is generated in response 
to the sending of a context activation request from the first host to the gateway node. 

4. A method as claimed in claim 3, wherein the context activation request is a 
Packet Data Protocol (PDP) context activation request to activate a PDP context, and 
the identifier is used as the PDP address in the PDP context. 

5. A method as claimed in any preceding claim, wherein the first host is not HIP
enabled and the secure HIP connection is negotiated between the gateway node and the
second host.

6. A method as claimed in any one of claims 1 to 4, wherein the first host is HIP
enabled and the secure HIP connection is negotiated between the first and second hosts.

7. A method as claimed in any preceding claim, wherein the identifier is of the
same length as an address in the addressing scheme used by the first host for
communication with the gateway node.

8. A method as claimed in claim 7, wherein the IP addressing scheme is used and
the identifier is used as the source IP address in the session initiation message. 

9. A method as claimed in any preceding claim, wherein the identifier is a look-up 
identifier associated with a HIP identity tag generated for and associated with the first 
host, allowing the HIP identity tag for the first host to be retrieved at the gateway node 
using the look-up identifier. 

10. A method as claimed in any one of claims 1 to 8, wherein the identifier is a HIP 
identity tag. 

11. A method as claimed in claim 9 or 10, when dependent on claim 5, wherein the 
HIP identity tag is included in a HIP header during negotiation of the HIP connection 
between the gateway and the second host. 

12. A method as claimed in claim 9, 10 or 11, wherein the HIP identity tag is a Host
Identity Tag (HIT) or a Local Scope Identifier (LSI). 

13. A method as claimed in any one of claims 9 to 12, wherein the HIP identity tag 
is generated from a key pair. 

14. A method as claimed in claim 13, when dependent on claim 5, wherein the key 
pair which is stored in the gateway node for use during subsequent HIP communications 
between the gateway node and the second host. 

15. A method as claimed in any one of claims 1 to 9, wherein the identifier is in the 
form of an IP address. 

16. A method as claimed in any preceding claim, wherein the first network
environment is a mobile network environment.

17. A method as claimed in claim 16, wherein the mobile network environment is a
3G mobile environment.

18. A method as claimed in claim 17, wherein the mobile network environment is a
UMTS mobile network environment. 

19. A method as claimed in any preceding claim, wherein the second network 
environment is an Internet network environment. 

20. A method as claimed in any preceding claim, wherein the gateway node 
provides the functionality of a HIP proxy. 

21. A method as claimed in any preceding claim, wherein the gateway node is a 
Gateway GPRS Support Node (GGSN). 

22. A method as claimed in any preceding claim, comprising replacing the identifier 
with an address associated with the gateway node as the source address in a subsequent 
message sent to the second host. 

23. A communications system comprising a first host operating in a first network 
environment, a second, Host Identity Protocol (HIP) enabled, host operating in a second 
network environment, a gateway node forming a gateway between the two 
environments, means for associating an identifier with the first host, means for storing 
the identifier at the gateway node, means for sending the identifier to the first host, 
means for using the identifier as a source address in a subsequent session initiation 
message sent from the first host to the gateway node and having an indication that the 
destination of the message is the second host, and means for using the stored identifier
at the gateway node to negotiate a secure HIP connection to the second host. 

24. A method, for use by a gateway node, of using the Host Identity Protocol (HIP)
to at least partially secure communications between a first host operating in a first 
network environment and a second, HIP-enabled, host operating in a second network 
environment, with the gateway node forming a gateway between the two environments, 

WO 2005/101753 PCT/EP2004/050533

the method comprising: 

associating an identifier with the first host, storing the identifier at the gateway 
node, and sending the identifier to the first host; 

receiving a subsequent session initiation message sent from the first host to the 
gateway node, the message having the identifier as a source address and also having an 
indication that the destination of the message is the second host; and 

using the stored identifier at the gateway node to negotiate a secure HIP 
connection to the second host. 

25. An apparatus for use as a gateway node between a first host operating in a first 
network environment and a second, Host Identity Protocol (HIP) enabled, host 
operating in a second network environment, comprising: means for associating an 
identifier with the first host, means for storing the identifier at the gateway node, means 
for sending the identifier to the first host, means for receiving a subsequent session 
initiation message sent from the first host to the gateway node, the message having the 
identifier as a source address and also having an indication that the destination of the 
message is the second host, and means for using the stored identifier at the gateway 
node to negotiate a secure HIP connection to the second host. 

26. An operating program which, when run on a gateway node, causes the gateway
node to carry out a method as claimed in claim 24. 

27. An operating program which, when loaded into a gateway node, causes the
gateway node to become apparatus as claimed in claim 25. 

28. An operating program as claimed in claim 26 or 27, carried on a carrier medium. 

29. An operating program as claimed in claim 28, wherein the carrier medium is a 
transmission medium. 

30. An operating program as claimed in claim 28, wherein the carrier medium is a 
storage medium. 



